VYPR
Moderate severityNVD Advisory· Published Jun 9, 2023· Updated Feb 13, 2025

Denial-of-Service in gRPC

CVE-2023-32732

Description

gRPC contains a vulnerability whereby a client can cause a termination of connection between a HTTP2 proxy and a gRPC server: a base64 encoding error for -bin suffixed headers will result in a disconnection by the gRPC server, but is typically allowed by HTTP2 proxies. We recommend upgrading beyond the commit in  https://github.com/grpc/grpc/pull/32309 https://www.google.com/url

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
io.grpc:grpc-protobufMaven
>= 1.53.0, < 1.53.11.53.1
grpcioPyPI
>= 1.53.0, < 1.53.11.53.1
grpcRubyGems
>= 1.53.0, < 1.53.11.53.1
io.grpc:grpc-protobufMaven
>= 1.54.0, < 1.54.21.54.2
grpcioPyPI
>= 1.54.0, < 1.54.21.54.2
grpcRubyGems
>= 1.54.0, < 1.54.21.54.2

Affected products

72

Patches

Vulnerability mechanics

References

12

News mentions

0

No linked articles in our index yet.